X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdao%2Fhl%2FPermLookup.java;h=5a66be8af8260c30363544b83d5f9416aeccc331;hb=HEAD;hp=b068062138db1212c8e795d9237a110ab4d1af1d;hpb=0c883163f5d2da8573e56fab3ddb62a1ca5b889e;p=aaf%2Fauthz.git
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
index b0680621..5a66be8a 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,9 +38,9 @@ import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; /** - * PermLookup is a Storage class for the various pieces of looking up Permission + * PermLookup is a Storage class for the various pieces of looking up Permission * during Transactions to avoid duplicate processing - * + * * @author Jonathan * */
@@ -53,9 +53,9 @@ public class PermLookup {
 private Result> roles = null;
 private Result> permNames = null;
 private Result> perms = null;
-
+
 private PermLookup() {}
-
+
 public static PermLookup get(AuthzTrans trans, Question q, String user) {
 PermLookup lp=null;
 Map permMap = trans.get(Question.PERMS, null);
@@ -74,7 +74,7 @@ public class PermLookup {
 }
 return lp;
 }
-
+
 public Result> getUserRoles() {
 if (userRoles==null) {
 userRoles = q.userRoleDAO().readByUser(trans,user);
@@ -82,7 +82,7 @@ public class PermLookup {
 List lurdd = new ArrayList<>();
 Date now = new Date();
 for (UserRoleDAO.Data urdd : userRoles.value) {
- if (urdd.expires.after(now)) { // Remove Expired
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired
 lurdd.add(urdd);
 }
 }
@@ -143,7 +143,7 @@ public class PermLookup {
 return permNames;
 }
 }
-
+
 public Result> getPerms(boolean lookup) {
 if (perms==null) {
 // Note: It should be ok for a Valid user to have no permissions -
@@ -153,32 +153,32 @@ public class PermLookup {
 List lpdd = new ArrayList<>();
 for (String perm : rss.value) {
 if (lookup) {
- Map mspdd = new TreeMap<>();
+ Map mspdd = new TreeMap<>();
 Result ap = PermDAO.Data.decodeToArray(trans, q, perm);
 if (ap.isOK()) {
-
+
 Result> rlpd = q.permDAO().read(perm,trans,ap.value);
 if (rlpd.isOKhasData()) {
 for (PermDAO.Data pData : rlpd.value) {
- // ONLY add perms/roles which are related to this lookup
- for(String pdr : pData.roles(false)) {
- for(RoleDAO.Data r : roles.value) {
- if(pdr.equals(r.encode())) {
- PermDAO.Data pdd = mspdd.get(pData.fullPerm());
- if(pdd==null) {
- pdd = new PermDAO.Data();
- pdd.ns = pData.ns;
- pdd.type = pData.type;
- pdd.instance = pData.instance;
- pdd.action = pData.action;
- pdd.description = pData.description;
+ // ONLY add perms/roles which are related to this lookup
+ for(String pdr : pData.roles(false)) {
+ for(RoleDAO.Data r : roles.value) {
+ if(pdr.equals(r.encode())) {
+ PermDAO.Data pdd = mspdd.get(pData.fullPerm());
+ if(pdd==null) {
+ pdd = new PermDAO.Data();
+ pdd.ns = pData.ns;
+ pdd.type = pData.type;
+ pdd.instance = pData.instance;
+ pdd.action = pData.action;
+ pdd.description = pData.description;
 lpdd.add(pdd);
- }
- pdd.roles(true).add(pdr);
- break;
- }
- }
- }
+ }
+ pdd.roles(true).add(pdr);
+ break;
+ }
+ }
+ }
 }
 }
 } else {
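Review bot: In the `@@ -82,7 +82,7 @@` hunk the new `|| trans.org().isUserExpireExempt(user, urdd.expires)` branch keeps an expired user-role in `lurdd`, so it widens what the permission lookup grants, yet nothing records that an exemption was applied and the trailing comment still says `// Remove Expired`. I would change the comment to something like `// Keep unexpired roles, plus expired ones the Organization explicitly exempts` and write an audit-level log entry (user, role, expiry date) whenever the exemption path is taken, so that expired-but-honoured grants are visible to reviewers. The implementation of `isUserExpireExempt` is not in this diff; it should be confirmed that it returns false by default and that `trans.org()` cannot be null here, because before this change an expired entry was dropped without calling into the Organization at all. The enclosing method (apparently `getUserRoles`, judging by the preceding hunk) starts and ends outside this hunk.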